Information Technology Request
Dear Bracknell Forest Borough Council,
I am writing to make an open government request for all the information to which I am entitled under the Freedom of Information Act 2000.
Please forward responses to the attached questions below.
I would like the above information to be provided to me as an electronic document.
If this request is too wide or unclear, I would be grateful if you could contact me as I understand that under the Act, you are required to advise and assist requesters. If any of this information is already in the public domain, please can you direct me to it, with page references and URLs if necessary.
If the release of any of this information is prohibited on the grounds of breach of confidence, I ask that you supply me with copies of the confidentiality agreement and remind you that information should not be treated as confidential if such an agreement has not been signed.
I understand that you are required to respond to my request within the 20 working days after you receive this letter. I would be grateful if you could confirm in writing that you have received this request.
I look forward to hearing from you.
Yours faithfully,
Gloria Zimba.
1. Do you have a formal IT security strategy? (Please provide a link to the strategy)
A) Yes
B) No
2. Does this strategy specifically address the monitoring of network attached device configurations to identify any malicious or non-malicious change to the device configuration?
A) Yes
B) No
C) Don’t know
3. If yes to Question 2, how do you manage this identification process – is it:
A) Totally automated – all configuration changes are identified and flagged without manual intervention.
B) Semi-automated – it’s a mixture of manual processes and tools that help track and identify configuration changes.
C) Mainly manual – most elements of the identification of configuration changes are manual.
4. Have you ever encountered a situation where user services have been disrupted due to an accidental/non malicious change that had been made to a device configuration?
A) Yes
B) No
C) Don’t know
5. If a piece of malware was maliciously uploaded to a device on your network, how quickly do you think it would be identified and isolated?
A) Immediately
B) Within days
C) Within weeks
D) Not sure
6. How many devices do you have attached to your network that require monitoring?
A) Physical Servers: record number
B) PC’s & Notebooks: record number
7. Have you ever discovered devices attached to the network that you weren’t previously aware of?
A) Yes
B) No
If yes, how do you manage this identification process – is it:
A) Totally automated – all device configuration changes are identified and flagged without manual intervention.
B) Semi-automated – it’s a mixture of manual processes and tools that help track and identify unplanned device configuration changes.
C) Mainly manual – most elements of the identification of unexpected device configuration changes are manual.
8. How many physical devices (IP’s) do you have attached to your network that require monitoring for configuration vulnerabilities?
Record Number:
9. Have you suffered any external security attacks that have used malware on a network attached device to help breach your security measures?
A) Never
B) Not in the last 1-12 months
C) Not in the last 12-36 months
10. Have you ever experienced service disruption to users due to an accidental, non-malicious change being made to device configurations?
A) Never
B) Not in the last 1-12 months
C) Not in the last 12-36 months
11. When a scheduled audit takes place for the likes of PSN or Cyber Essentials, how likely are you to get significant numbers of audit fails relating to the status of the IT infrastructure?
A) Never
B) Occasionally
C) Frequently
D) Always
Dear Gloria Zimba
Thank you for your request for information, below, which was received by the Council (26/11/2021) and we will answer your request under the Freedom of Information Act 2000. The FOI Act obliges us to respond to requests promptly, and in any case no later than 20 working days (by 24/12/2021) unless it is necessary to consider the public interest, in which case a full response must be provided within such a time as is reasonable in the circumstances and I will write to you again if this occurs.
The Council is fully utilising its facilities in order to complete all freedom information requests and subject access requests within the statutory time scale. However, whilst we are making every effort to fulfil every request, it is acknowledged both by the Council and the ICO that sometimes other pressures will have to take priority during this difficult time and people may experience unavoidable delays to their FOI and SAR response times. We thank you for your patience in this challenging time.
If you have any queries about this letter, please contact me. Please remember to quote the reference number above in any future correspondence.
Yours sincerely
Information Compliance Team
Legal Services
Delivery
Bracknell Forest Council
Tel: 01344 352000
Email: [Bracknell Forest Borough Council request email]
Web: www.bracknell-forest.gov.uk
Dear Gloria Zimba
I am writing to confirm that the council has completed the processing of
your request for information.
Please find below a copy of your request, followed by the Council’s
response.
Request
1. Do you have a formal IT security strategy? (Please provide a link to
the strategy)
A. Yes
b) No
2. Does this strategy specifically address the monitoring of network
attached device configurations to identify any malicious or non-malicious
change to the device configuration?
N/A
3. If yes to Question 2, how do you manage this identification
process – is it:
N/A
4. Have you ever encountered a situation where user services have
been disrupted due to an accidental/non malicious change that had been
made to a device configuration?
A. Yes
5. If a piece of malware was maliciously uploaded to a device on
your network, how quickly do you think it would be identified and
isolated?
A) Immediately
B) Within days
C) Within weeks
D. Not sure
6. How many devices do you have attached to your network that
require monitoring?
A. Physical Servers: record number 20
B. PC’s & Notebooks: 1500
7. Have you ever discovered devices attached to the network that you
weren’t previously aware of?
A. Yes
If yes, how do you manage this identification process – is it:
B. Semi-automated – it’s a mixture of manual processes and tools that
help track and identify unplanned device configuration changes.
8. How many physical devices (IP’s) do you have attached to your
network that require monitoring for configuration vulnerabilities?
Record Number: 2
9. Have you suffered any external security attacks that have used
malware on a network attached device to help breach your security
measures?
A) Never
B) Not in the last 1-12 months
C. Not in the last 12-36 months
10. Have you ever experienced service disruption to users due to an
accidental, non-malicious change being made to device configurations?
A) Never
B) Not in the last 1-12 months
C. Not in the last 12-36 months
11. When a scheduled audit takes place for the likes of PSN or Cyber
Essentials, how likely are you to get significant numbers of audit fails
relating to the status of the IT infrastructure?
A. Never
B) Not in the last 1-12 months
C) Not in the last 12-36 months
You may also find it helpful to refer to our web page
[1]https://www.bracknell-forest.gov.uk/busi...
which contains other helpful information as well.
If you have any queries about this matter please contact me. Please
remember to quote the reference number above in any future communications.
Please note that your request may itself be the subject of a FOI request
and will be disclosed in that event.
If you are unhappy with the service you have received in relation to our
handling of your request you can request an internal review.
Requests for an internal review must be made in writing, and within 40
working days from the date the authority issued an initial response to
your request. Public authorities are not obliged to accept internal
reviews after this date.
Requests for internal reviews should be acknowledged and the target date
for responding will be advised usually within 20 working days. In the
event that clarification of an internal review is required from the
applicant the normal 20 working day time period will not begin until it
has been received.
When requesting an internal review, please include your reference number,
the date of your original request and your contact details. Please also
include an explanation of why you are dissatisfied with our response.
Requests for an internal review should be sent to:
[2][Bracknell Forest Borough Council request email]
If you are not content with the outcome of your complaint, you may apply
directly to the Information Commissioner for a decision. Generally, the
ICO cannot make a decision unless you have exhausted the complaints
procedure provided by the Council. The Information Commission can be
contacted at: The Information Commissioner’s Office, Wycliffe House, Water
Lane, Wilmslow, Cheshire SK9 5AF.
Yours
sincerely
Information Compliance
Team
Legal
Services
Delivery
Bracknell Forest
Council
Tel: 01344
352000
Email: [3][Bracknell Forest Borough Council request email]
Web: [4]www.bracknell-forest.gov.uk
References
Visible links
1. https://www.bracknell-forest.gov.uk/busi...
2. mailto:[Bracknell Forest Borough Council request email]
3. mailto:[Bracknell Forest Borough Council request email]
4. http://www.bracknell-forest.gov.uk/
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now